0

I write a simple program

When you run this program, if you are not root user, input root password, then change uid to root

if (getuid())
{
    char *pass = getpass("");
    //how to change uid to root ?
}

How to change uid to root when you got root password?

midCat
  • 123
  • 4
  • 13
  • Just to mention: don't store the root password unencrypted in your program, use a hashing function. – TNW Apr 20 '13 at 03:10
  • `if (getuid)` is a lot different from `if (getuid())`. The former is always-true... – R.. GitHub STOP HELPING ICE Apr 20 '13 at 03:15
  • @TNW: That's not really helpful if you can't authenticate without the unhashed version. – Ry- Apr 20 '13 at 03:22
  • I had change `if (getuid)` to `if (getuid())` – midCat Apr 20 '13 at 03:25
  • Can you simply use sudo when invoking your program? If not, perhaps you should lookup the source code of sudo for whichever platform you are implementing on and use it as a guide to implement your privilege escalation. – B.J. Apr 20 '13 at 03:39
  • Don't do that (because you probably will open a huge security hole in your system). Use and configure existing tools (`sudo`, `su`, `super`). FYI, you could configure `sudo` to not ask any password if you really want to (but that is risky). – Basile Starynkevitch Apr 20 '13 at 08:13

1 Answers1

5

There is no way to change from a non-root user to root. That's the whole point. Programs like login, sshd, or su work by initially starting as root, either because of their ancestry or by having the suid bit on the executable file, and carefully restricting what you can do until you authenticate with a password or other method, then changing to an appropriate uid (either root or the user you're logging in as) and exec'ing another program (usually, the shell).

R.. GitHub STOP HELPING ICE
  • 208,859
  • 35
  • 376
  • 711
  • A program able to be root is indeed *setuid* root (e.G. to start as root), but more importantly it has to be very carefully designed to avoid opening huge security holes in your system. So don't do it, unless you spend a lot of time to understand all the tricks and implications.... Read http://advancedlinuxprogramming.com/ – Basile Starynkevitch Apr 20 '13 at 08:21